IT Security Weekend Catch Up – August 27, 2022

Afraid of missing important security news during the week? We’re here to help! Every week we put together a curated list of all important security news in one place, for your reading pleasure. Enjoy!

For the less technical

  1. [VIDEO] CNN interviews Twitter whistleblower about what he saw inside the company
  2. The story of the first “computer bug”… is a pile of lies
  3. Two years on, Apple iOS VPNs still leak IP addresses + more information
  4. Sharing is NOT caring: Android apps that can’t get enough of you
  5. A hospital center targeted by a cyberattack, a ransom of 10 million dollars demanded
  6. Greek gas operator refuses to negotiate with ransomware group after attack
  7. Streaming media platform Plex warns users to reset passwords after data breach

For the more technical

  1. Dirty Cred: No pipe but as nasty as Dirty Pipe
  2. Experts warn of widespread exploitation involving Hikvision cameras
  3. Palo Alto warns of firewall vulnerability used in DDoS attack on service provider
  4. An in-depth study of Java deserialization remote-code execution exploits and vulnerabilities (PDF)
  5. Gairoscope: Injecting data from air-gapped computers to nearby gyroscopes (PDF)
  6. EtherLED: Sending covert Morse signals from air-gapped devices via network card (NIC) LEDs (PDF)
  7. Generate your own hash sets with HashR
  8. An encrypted ZIP file can have two correct passwords — here’s why
  9. Microsoft Edge password manager security
  10. Replay of Primary Refresh (PRT) and other issued tokens from an Azure AD joined device
  11. Roasting 0ktapus: The phishing campaign going after Okta identity credentials
  12. You can’t audit me: APT29 continues targeting Microsoft 365
  13. Bumblebee loader – the high road to enterprise domain control
  14. MagicWeb: NOBELIUM’s post-compromise trick to authenticate as anyone
  15. HavanaCrypt ransomware masquerading as Google Update
  16. New ‘Donut Leaks’ extortion gang linked to recent ransomware attacks
  17. Ransomware actor abuses Genshin Impact anti-cheat driver to kill antivirus
  18. Fake DDoS pages on WordPress sites lead to drive-by-downloads
  19. Fake Chrome extension ‘Internet Download Manager’ has 200,000 installs
  20. Looking for the ‘Sliver’ lining: Hunting for emerging command-and-control frameworks
  21. Making victims pay, infostealer malwares mimick pirated-software download sites
  22. Grandoreiro banking trojan with new TTPs targeting various industry verticals
  23. New Iranian APT data extraction tool
  24. Kimsuky’s GoldDragon cluster and its C2 operations

Did you enjoy this list? You can subscribe to one of our feeds on Twitter, Facebook or RSS.
